<?php
/***************************************************************************
 *   copyright				: (C) 2008, 2009 WeBid
 *   site					: http://www.webidsupport.com/
 ***************************************************************************/

/***************************************************************************
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version. Although none of the code may be
 *   sold. If you have been sold this script, get a refund.
 ***************************************************************************/

session_start();
$error_reporting = E_ALL^E_NOTICE;
//$error_reporting = E_ALL;  use this for debugging
define('InWeBid', 1);
// file check & 
if(!@include('config.inc.php'))
{
	$install_path = (!defined('InAdmin')) ? 'install/install.php' : '../install/install.php';
	header('location: ' . $install_path);
	exit;
}

$MD5_PREFIX = (!isset($MD5_PREFIX)) ? 'fhQYBpS5FNs4' : $MD5_PREFIX; // if the user didnt set a code
$include_path = $main_path . 'includes/'; 
$uploaded_path = 'uploaded/';
$upload_path = $main_path . $uploaded_path; 
$logPath = $main_path . 'logs/';

include $include_path . 'errors.inc.php'; //error handler functions
include $include_path . 'dates.inc.php';

// classes
include $include_path . 'functions_global.php';
include $include_path . 'functions_email.php';
include $include_path . 'functions_categories.php';
include $include_path . 'functions_fees.php';
include $include_path . 'functions_user.php';
include $include_path . 'template.php';

$system = new global_class();
$template = new template();
$user = new user();
set_error_handler('WeBidErrorHandler', $error_reporting);

include $include_path . 'messages.inc.php';

// add auction types
$system->SETTINGS['auction_types'] = array (
	1 => $MSG['1021'],
	2 => $MSG['1020']
);

// Atuomatically login user is necessary "Remember me" option
if (!$user->logged_in && isset($_COOKIE['WEBID_RM_ID']))
{
	$query = "SELECT userid FROM " . $DBPrefix . "rememberme WHERE hashkey = '" . mysql_escape_string($_COOKIE['WEBID_RM_ID']) . "'";
	$res = mysql_query($query);
	$system->check_mysql($res, $query, __LINE__, __FILE__);
	if (mysql_num_rows($res) > 0)
	{
		// generate a random unguessable token
		$_SESSION['csrftoken'] = md5(uniqid(rand(), true));
		$id = mysql_result($res, 0, 'userid');
		$query = "SELECT hash, password FROM " . $DBPrefix . "users WHERE id = " . $id;
		$res = mysql_query($query);
		$system->check_mysql($res, $query, __LINE__, __FILE__);
		$password = mysql_result($res, 0, 'password');
		$_SESSION['WEBID_LOGGED_IN'] 		= $id;
		$_SESSION['WEBID_LOGGED_NUMBER'] 	= strspn($password, mysql_result($res, 0, 'hash'));
		$_SESSION['WEBID_LOGGED_PASS'] 		= $password;
	}
}

if($user->logged_in)
{
	$system->ctime = time() + (($user->user_data['timecorrection'] + gmdate('I')) * 3600);
	$system->tdiff = ($user->user_data['timecorrection'] + gmdate('I')) * 3600;
}

$template->set_template();

// для всех форм
$template->assign_vars(array('FLAGS' => ShowFlags()));

// Формирование флагов, подсказок и ссылок для смены языков. 
function ShowFlags()
{
	global $system, $LANGUAGES;
	$counter = 0;
	$flags = '';
	foreach ($LANGUAGES as $lang => $value)
	{
		if ($counter > 3)
		{
			$flags .= '<br>';
			$counter = 0;
		}
		$flags .= '<a href="?lan=' . $lang . '"><img vspace="2" hspace="2" src="' . $system->SETTINGS['siteurl'] . 'includes/flags/' . $lang . '.gif" border="0" alt="' . $lang . '"></a>';
		$counter++;
	}
	return $flags;
}

function get_reminders($secid)
{
	global $DBPrefix, $system;
	$data = array();
	// get number of new messages
	$query = "SELECT COUNT(*) AS total FROM " . $DBPrefix . "messages
			WHERE isread = 0 AND sentto = " . $secid;
	$res = mysql_query($query);
	$system->check_mysql($res, $query, __LINE__, __FILE__);
	$data[] = mysql_result($res, 0, 'total');
	// get number of pending feedback
	$query = "SELECT COUNT(DISTINCT a.auction) AS total FROM " . $DBPrefix . "winners a
			LEFT JOIN " . $DBPrefix . "auctions b ON (a.auction = b.id)
			WHERE (b.closed = 1 OR b.bn_only = 'y') AND b.suspended = 0
			AND ((a.seller = " . $secid . " AND a.feedback_sel = 0)
			OR (a.winner = " . $secid . " AND a.feedback_win = 0))";
	$res = mysql_query($query);
	$system->check_mysql($res, $query, __LINE__, __FILE__);
	$data[] = mysql_result($res, 0, 'total');
	// get auctions still requiring payment
	$query = "SELECT COUNT(DISTINCT id) AS total FROM " . $DBPrefix . "winners
			WHERE paid = 0 AND winner = " . $secid;
	$res = mysql_query($query);
	$system->check_mysql($res, $query, __LINE__, __FILE__);
	$data[] = mysql_result($res, 0, 'total');
	// get auctions ending soon
	$query = "SELECT COUNT(DISTINCT b.auction) AS total FROM " . $DBPrefix . "bids b
			LEFT JOIN " . $DBPrefix . "auctions a ON (b.auction = a.id)
			WHERE b.bidder = " . $secid . " AND a.ends <= " . (time() + (3600 * 24)) . "
			AND a.closed = 0 GROUP BY b.auction";
	$res = mysql_query($query);
	$system->check_mysql($res, $query, __LINE__, __FILE__);
	$data[] = (mysql_num_rows($res) > 0) ? mysql_result($res, 0, 'total') : 0;
	// get outbid auctions
	$query = "SELECT a.current_bid, a.id, a.title, a.ends, b.bid FROM " . $DBPrefix . "auctions a, " . $DBPrefix . "bids b
			WHERE a.id = b.auction AND a.closed = 0 AND b.bidder = " . $secid . "
			AND a.bn_only = 'n' ORDER BY a.ends ASC, b.bidwhen DESC";
	$res = mysql_query($query);
	$system->check_mysql($res, $query, __LINE__, __FILE__);
	$idcheck = array();
	$auctions_count = 0;
	while ($row = mysql_fetch_assoc($res))
	{
		if (!in_array($row['id'], $idcheck))
		{
			// Outbidded or winning bid
			if ($row['current_bid'] != $row['bid']) $auctions_count++;;
			$idcheck[] = $row['id'];
		}
	}
	$data[] = $auctions_count;

	return $data;
}

?>